Bugtraq mailing list archives
Re: Simple OpenBSD crash script
From: gvs () AGMAR RU (GvS One)
Date: Wed, 28 Jan 1998 11:23:41 +0300
_\|/_ On Sun, 25 Jan 1998, Jason Downs wrote:
Here is a rather simple method of crashing most OpenBSD systems (and, I assume, NetBSD or anything else running 4.4BSD vm without this problem fixed).
Hmm.. on my P200MMX RAM 32 running FreeBSD 2.2.5-RELEASE with kernel options CHILD_MAX=128, OPEN_MAX=128, DFLDSIZ=(16*1024*1024) the execution of that script caused to "too many open files" at the user level and "can't open /usr/lib/libc.so" or some similar library at the system level (no logins, no execs and so on). Once the console received such message it hangs forever, and I couldn't switch to it anymore. But kernel did not panic and opened files still were available, as open network connections too (rlogins). Failed to stop this process, even when I pressed ^C at the console running that script, I used Ctrl-Alt-Del to reboot, and the filesystems were synchronized before reboot. After reboot I got the message `date` newsyslog[$PID]: log file turned over in /var/log/messages. Bad, bad condition. Any ideas to decrease user level privileges to keep system level resources still available under this attack?
Most, if not all, kernels have process limits high enough for a normal user to run the kernel out of non-pageable map entries. The easiest way that I have found to do this is with the enclosed script. If the per-user process/descriptor limits are high enough, running this script will result in a kernel panic.
[skip] SY, Seva Gluschenko, just stranger at the Road. --- IRC: erra * Origin: gone to the Internet (gvs () agmar ru) [http://www.agmar.ru/~gvs/]
Current thread:
- CERT Vendor-Initiated Bulletin VB-98.01 - excite, (continued)
- CERT Vendor-Initiated Bulletin VB-98.01 - excite Aleph One (Jan 19)
- GCC 2.7.? /tmp files Micha? Zalewski (Jan 15)
- Re: GCC 2.7.? /tmp files Niels Bakker (Jan 16)
- pnserver exploit.. Aleph One (Jan 15)
- Re: pnserver exploit.. Angelos Karageorgiou (Jan 16)
- Re: pnserver exploit.. Donald van de Weyer (Jan 21)
- (AUSCERT ESB-98.009) CERT Advisory CA-98.02 - Vulnerabilities in Grant Beattie (Jan 21)
- Q179148: Settings May Not Be Applied with URL with Short Filename Aleph One (Jan 23)
- CDE: dtappgather on AIX Marcin Cieslak (Jan 25)
- Simple OpenBSD crash script Jason Downs (Jan 25)
- Re: Simple OpenBSD crash script GvS One (Jan 28)
- Quake 2 Linux kevingeo () CRUZIO COM (Jan 25)
- Re: Quake 2 Linux Greg Alexander (Jan 27)
- Announcement: Phrack 52 route () RESENTMENT INFONEXUS COM (Jan 26)
- Microsoft responds to bug in Exchange Server Tony Hagale (Jan 27)
- Re: Announcement: Phrack 52 Olaf Kirch (Jan 28)
- KSR[T] Advisory #7: filter KSR[T] (Jan 29)
- Bug in IMail's pop3d32.exe RHS Linux User (Jan 29)
- Secure Linux patch Solar Designer (Jan 29)
- Gaining Domain Admins access on LAN (fwd) Weld Pond (Jan 28)
- GZEXE - the big problem Micha? Zalewski (Jan 28)